The Real Danger of Cloud Applications

This week I ran into an interesting problem. My email stopped working. That is, my Microsfot Outlook and Lync could no longer communicate with our cloud-based Office 365 Exchange server. Microsoft support was flummoxed. I eventually found the solution and it lay in system updates. By applying an optional system update to my laptop, not an Office update, I was able to get back to normal. Certainly makes you wonder what the word “optional” means in this context. If it is necessary for applications to work, it’s probably required not optional.

Although Microsoft never admitted it, it is very likely something changed in the back-end. Nothing had changed with my client applications so the Exchange server network connections were the most probable culprit. I have my theories about what happened but they are just that unless Microsoft wants to confirm them. Somehow I doubt it….

This experience highlighted a big problem with cloud computing: change control. When most of us analysts or IT professionals talk about control we think of data. We are concerned that data may be compromised or used inappropriately. Security and privacy of data is an important but rare problem. What we give up with cloud computing is control over knowing what is going on in our systems. For example, if my client applications are using SSL3 and the cloud vendor deems this a bad idea, they might deprecate it’s usage to make the system more secure. A vendor might then push out an update to client applications so they can continue to communicate without using SSL3. Sounds reasonable but the IT professionals or perhaps even end-users have to know and want to apply the update. There are lots of reasons not to apply updates for all machines. It is also not unreasonable to want to know just what these updates might do and what will happen if you don’t apply them. Even seemingly simple changes can break a system and cloud customers have to trust cloud vendors that they will know what these updates are doing.

SaaS applications are not immune to these issues either. Cloud vendors crow all the time about their APIs that allow integration and customization. Even small changes in an API can cause unwanted behavior in custom integrations and applications. When applications are hosted on-premises, IT can decide whether to apply an update, waiting for when the organization is ready, adjustments to custom applications can occur, and when IT has full knowledge of the results. With cloud applications, customers are working on the vendor’s timetable. Changes will roll out when the vendor says so and integrations and customizations adjusted immediately.

This is not to suggest that cloud applications are a bad idea. There are so many advantages to the model that volumes have been written about them. However, companies have to go in with eyes wide open. Customers are relinquishing control over everything from costs to features to changes. Ask anyone using SharePoint online who hosts their website on it about the effects of vendors driven changes. Microsoft will be removing this as a feature, effectively causing customers to find an alternative hosting platform. Maybe they will grandfather in current users of this feature but that’s not what they are saying. Instead, customers are being told they have to migrate and they don’t have a choice in the matter.

And they don’t have control.

Comments are closed.